This is the second part of the series covering Amazon CloudFront. In this part we return to the creation of a CloudFront distribution and discuss the options available there.


So let’s start with “Origin Settings”:

“Origin Domain Name” – the DNS name of the origin server

“Origin Path” – you can specify the directory within the Amazon S3 bucket to be used as the root folder when requests are made

“Origin ID” – this is a string that lets you differentiate this origin from the other origins in the same distribution. If you don’t specify a value, one is created for you based on the origin domain name

“Restrict Bucket Access” – If the option is “Yes”, then the objects from the S3 bucket can be accessed only by using the CloudFront URL and not by using the S3 URL. If the option is “No”, then you can access the objects from the bucket by using both methods. As you can see below, I can access the index.html by referencing the S3 URL:

Let’s move on to “Default Cache Behavior Settings.” This section appears in this form only when you create the distribution. A cache behavior allows you to configure different settings for different types of files. The default cache behavior for a new distribution forwards all requests to the origin. Once the distribution has been created, additional cache behaviors can be added.

– “Path Pattern” – specifies to which requests this cache behavior should be applied. As mentioned, you cannot modify the value if you are in the process of creating the distribution. For instance, after the distribution was created, I created another cache behavior that is applied only to files with the extension .jpg:

– “Viewer Protocol Policy” – this defines the protocol that you want users to use to access the content.

– “Allowed HTTP Methods” – this defines what HTTP methods can be processed by CloudFront and forwarded to the origin.

– “Object Caching” – defines how long the objects should be stored in cache. If the origin server adds a “Cache-Control” header to control how long the objects stay in the cache, then choose “Use Origin Cache Headers”. If you want to override this, you can choose “Customize” and specify the “TTL” value for which you want to keep the object in the cache. The value is in seconds.

– “Forward Cookies” – This is not applicable to S3 bucket-based origins. This defines if the cookies should be forwarded to the origin.

– “Forward Query Strings” – This defines if the origin server can return different versions of the objects based on a query string from the URL.

– “Restricted Viewer Access” – This defines if the objects matched by the cache behaviour can be requested using public URLs or signed URLs.

Let’s move on to the next section, “Distribution Settings”:

– “Price Class” – Defines from which edge locations the content will be delivered to the users and implicitly the price that you will pay. Obviously the best performance comes with the highest price.

– “Alternate Domain Names (CNAMEs)” – you can specify a domain name of your choice to be used to retrieve the content instead of the URL provided by CloudFront. For instance, I used this CNAME. You will need to make the proper changes in your DNS:

And I can access the files using this link: www.vtep.net/index.html

– “SSL Certificate” – This defines the certificate used for HTTPS access.

– “Default Root Object” – This defines the object that is returned when the root URL is requested. For instance, if index.html is used, then these two links will show the same thing: http://dtj4m7p93mot1.cloudfront.net/index.html and http://dtj4m7p93mot1.cloudfront.net

– “Logging” – This configures logging for each request; the logs are kept in an S3 bucket.

– “Bucket for Logs”, “Log Prefix” and “Cookie Logging” are related to the logging option.

– “Comment” – You can use this field to add additional information.

– “Distribution State” – This defines if the distribution should be enabled or disabled after it is deployed.

And these are the options that you can modify during distribution creation.
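
Several of the options above (Restrict Bucket Access, Viewer Protocol Policy, Allowed HTTP Methods, Logging) map to fields of the distribution's configuration document, so they can be reviewed in bulk rather than tab by tab. The following audit is an added example, not part of the original article; the sample configuration, bucket name and origin ID are constructed, and the field names are those of the CloudFront API's DistributionConfig structure.

```python
# Constructed sample; field names follow the CloudFront API DistributionConfig
# structure (what `aws cloudfront get-distribution-config` returns).
SAMPLE_CONFIG = {
    "Origins": {"Items": [{
        "Id": "S3-example-bucket",                        # "Origin ID" (constructed)
        "DomainName": "example-bucket.s3.amazonaws.com",  # "Origin Domain Name"
        "S3OriginConfig": {"OriginAccessIdentity": ""},   # "" = Restrict Bucket Access: No
    }]},
    "DefaultCacheBehavior": {
        "ViewerProtocolPolicy": "allow-all",
        "AllowedMethods": {"Items": ["GET", "HEAD", "OPTIONS", "PUT",
                                     "POST", "PATCH", "DELETE"]},
    },
    "CacheBehaviors": {"Items": [{
        "PathPattern": "*.jpg",
        "ViewerProtocolPolicy": "redirect-to-https",
        "AllowedMethods": {"Items": ["GET", "HEAD"]},
    }]},
    "Logging": {"Enabled": False},
}

READ_ONLY = {"GET", "HEAD", "OPTIONS"}


def audit_distribution(cfg):
    """Return (setting, detail) findings for one DistributionConfig dict."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        s3 = origin.get("S3OriginConfig")
        if s3 is not None and not s3.get("OriginAccessIdentity"):
            findings.append(("Restrict Bucket Access",
                             f"{origin['Id']}: no origin access identity set"))
    behaviors = [("default", cfg.get("DefaultCacheBehavior", {}))]
    behaviors += [(b["PathPattern"], b)
                  for b in cfg.get("CacheBehaviors", {}).get("Items", [])]
    for pattern, b in behaviors:
        if b.get("ViewerProtocolPolicy") == "allow-all":
            findings.append(("Viewer Protocol Policy",
                             f"{pattern}: plain HTTP accepted"))
        extra = set(b.get("AllowedMethods", {}).get("Items", [])) - READ_ONLY
        if extra:
            findings.append(("Allowed HTTP Methods",
                             f"{pattern}: forwards {sorted(extra)} to origin"))
    if not cfg.get("Logging", {}).get("Enabled"):
        findings.append(("Logging", "request logging disabled"))
    return findings


if __name__ == "__main__":
    for setting, detail in audit_distribution(SAMPLE_CONFIG):
        print(f"[{setting}] {detail}")
```

Each finding is labelled with the console option name used in this article, and every cache behavior (the default one and each path pattern) is checked separately because the settings can differ per behavior.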

There are a few other options that you can change after the distribution has been created.

This is how you can access the distribution settings. Select the distribution and click on “Distribution Settings”:

This will take you to a multi-tab page from where you can change the settings that you saw during distribution creation and others:

Other interesting settings are found in the “Restrictions” tab. Here you can deny access from specific countries (blacklist) or you can allow access from specific countries (whitelist):

Now, let’s discuss a little bit about some of the options.

The first one is “Object Caching.” As said previously, you can modify the default 24-hour interval that an object can stay in the cache before CloudFront forwards another request to the origin server. There are two sides to the story. Let’s say that the object version changes on a weekly basis. If you lower the TTL, all you achieve is sending more requests to the origin although the version has not changed, and you are charged based on the requests made. However, if the object version changes 10 times a day and you keep the default TTL, then a user served from an edge location where the file is already in cache might not get the latest version of the object.

Choose the right TTL value based on the version change of the objects.

The second one is “Price Class”. As said, this defines from which edge locations the user can be served. If you choose to serve users only from the U.S. and Europe and the user is in Asia, then the latency for this user will be higher than if the user were in the U.S. or Europe. But you will pay less.

Choose the right price class based on the location of your users.

And we have reached the end of the second part of the CloudFront series.

Having reached this point of the article, you should now be familiar with the settings of a Web distribution and how you can change them to achieve the best content delivery for users.

Paris Arau is a network engineer with extensive knowledge of Cisco and Juniper routing and switching platforms. He is CCIE R&S and dual JNCIE(SP and ENT). With a strong service provider and enterprise background, he is working on a daily basis with cutting-edge technologies. He also writes about routing and switching technologies, cloud computing, virtualization at his personal blog, http://nextheader.net.
